
SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

I would like to thank fellow SpiderLabs Researcher Chaim Sanders and Dennis Wilson, Bryant Smith and Casey Critchfield for their help with gathering data and analyzing this attack. Analysis of a real Drupal compromise In this blog post, we will...

This morning we unveiled our reinvented Trustwave Global Security Report. It's a living report, online and available now. The data contained in the report is collected from forensic investigations that we conduct for businesses around the world, in addition to...

With the vast amount of research and content that was done by SpiderLabs for the Global Security Report, it made it impractical to include all of the content that was written for this year's password study. But instead of letting...

In our Global Security Report, we highlighted a zero day vulnerability in the Windows Common Controls affecting Microsoft Office (CVE-2012-0158). This was reportedly being used for targeted attacks against NGOs and human rights activists. Over the past week, the Cutwail...

A few weeks ago we released the 2013 Trustwave Global Security Report. This year, Trustwave analyzed millions of passwords, hundreds of businesses and billions of emails, all in an effort to expose the most critical and emerging security threats to...

Like a late-arriving Christmas, one of the gifts of the new year is the release of SpiderLabs' annual white paper, the Global Security Report. As a supplement to this year's report, we're going to share some highlights of the corporate...

There's been a reasonable amount of coverage of the (proposed) data protection legal framework changes for the European Union, which the European Commission summarizes [1] as: The legal framework consists of two legislative proposals: A proposal for a Regulation of...

Those familiar with password cracking know that KoreLogic's rule set for John the Ripper has become the de facto standard for password cracking. However, as with anything technology related, the rules are slightly starting to show their age, specifically with rules designed to take into account years. So, I decided to take on the task of making a few modifications to the rule set; this includes updating them to take into account the current and prior year, but also reworking some of the rules to eliminate some redundancy.

Numerous technical articles emerge each day about the latest vulnerabilities, flaws, exploits, and whatnot. That's great and all (who hasn't simultaneously groaned and cheered when they find an MS08-067 exploitable machine on a pentest, 4+ years after the vulnerability was...

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we reported that 20% of our incident response investigations related to e-commerce sites. This was up from 9% the year before. In my part of the world...

In part 1 of this series I gave an introduction into how most merchants accept payments and how most bad guys steal this data. In this post, I'm going to delve into the misconceptions about e-commerce security that we hear...

It was a hectic week in London. In case you hadn't heard, it was InfoSec Europe week, but we were also busy with the SC Awards dinner (where PenTest Manager won the innovation award), Bsides London, 44 café, speaking at...

Over the last two weeks we ran a Twitter contest in celebration of the launch of our 2012 Global Security Report. This contest asked our SpiderLabs Twitter followers to find the answers to various questions within the report. We had...

On Friday we posted our seventh question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "One in how many organizations use insecure remote access solutions as seen through vulnerability scans performed by Trustwave?" The answer is......

On Thursday we posted our sixth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What are the two main motivations for web-based attacks as seen in 2011 by Trustwave SpiderLabs?" The answer is... "Hacking for...

On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "Jeopardy Style: This data aggregation attack technique obtains data while it is being processed or accessed by a system or application....

On Monday we posted our fourth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the top "origin" of attack as seen through Trustwave SpiderLabs investigations in 2011?" The answer is... "Unknown" or "Unknown...

On Friday we posted our third question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the 7th most popular password found during a Business Password Analysis of over 2M hashes by Trustwave SpiderLabs?" The...
